You’d have to find the mechanism to programmatically convert to CSV – the data files are in MS evt format (but I’m sure it can be done).
1.) No – NFS doesn’t have auditing that I recall
2.) DFM doesn’t do this
3.) File Auditing does have some impact, but it’s difficult to predict just how much – impact will depend on the amount of headroom you have left in your filer (current load). 7.2 will probably help a bit as the rumors of multi-threaded WAFL should be present (or maybe that’s 7.3??)
Glenn
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Hadrian Baron
Sent: Tuesday, June 27, 2006 12:00 PM
To: toasters@mathworks.com
Subject: Any CIFS Audit scripts?
Hello everyone,
I've been running into issues with growing CIFS access and I need more visibility. I've been searching google, toaster archive, NOW, and CPAN for something that will generate a report from the cifs audit logs and can't find anything. I find allusions to scripts, but no one posting them.
I will probably have to write a script myself but was wondering if there is anything already out there that someone would like to share.
Here is how I see the script going:
Pull down cifs audit.evt files from the filer
Convert to CSV
Parse the csv and generate a report to show which users are hitting which shares & files
Submit records to mysql or another db so we have a historical security audit log DB for cifs.
Three Qs:
1 - Would this work with NFS - it seems we lack NFS auditing with DOT.
2 - Is this something DFM could do?
3 - What, if any, performance impact is seen by enabling NTFS file auditing (all options) for say 10 TB of data?
Any help or feedback would be appreciated. I'm running DOT 7.1 on a pair of 940cs.
--
Hadrian
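The last two steps of the script outlined above (the per-user report and the history database), as an added example that is not from either poster. It assumes the converted CSV has timestamp, user and object_name columns with UNC object names, and uses SQLite as a stand-in for MySQL; the table and function names are hypothetical.

```python
import csv
import io
import sqlite3

# Constructed sample input. The column layout is an assumption about the
# CSV produced from the audit .evt files, not a documented export format.
SAMPLE_CSV = r"""timestamp,user,object_name
2006-06-27 09:01:12,CORP\alice,\\filer1\eng\specs\design.doc
2006-06-27 09:03:40,CORP\bob,\\filer1\eng\specs\design.doc
2006-06-27 09:05:02,CORP\alice,\\filer1\eng\specs\design.doc
2006-06-27 09:07:55,CORP\alice,\\filer1\hr\payroll.xls
2006-06-27 09:09:13,,\\filer1\hr\payroll.xls
"""

def split_share(object_name):
    """Split a UNC name into (share, path); other names get an empty share."""
    if not object_name.startswith("\\\\"):
        return "", object_name
    parts = object_name[2:].split("\\", 2)  # filer, share, remainder
    if len(parts) < 2:
        return "", object_name
    return parts[1], parts[2] if len(parts) > 2 else ""

def load_events(csv_text, db):
    """Insert audit rows into the history table; return (loaded, skipped)."""
    db.execute("CREATE TABLE IF NOT EXISTS cifs_audit "
               "(ts TEXT, user TEXT, share TEXT, path TEXT)")
    loaded = skipped = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not (row.get("timestamp") and row.get("user") and row.get("object_name")):
            skipped += 1  # incomplete record: count it rather than guess
            continue
        share, path = split_share(row["object_name"])
        # Parameterized insert: user and file names are untrusted data.
        db.execute("INSERT INTO cifs_audit VALUES (?, ?, ?, ?)",
                   (row["timestamp"], row["user"], share, path))
        loaded += 1
    db.commit()
    return loaded, skipped

def access_report(db):
    """Return (user, share, path, hits) rows, busiest first."""
    return db.execute(
        "SELECT user, share, path, COUNT(*) AS hits FROM cifs_audit "
        "GROUP BY user, share, path ORDER BY hits DESC, user, share, path"
    ).fetchall()

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(load_events(SAMPLE_CSV, conn), access_report(conn))
```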